
[Help wanted] Experts, help me!!!

Experts, help me!!!

My system is Vista. In the system directory system32 there is a file jnsfhf.dll. At system startup an error is reported: loading jnsfhf.dll failed, the file is in use. Rising Antivirus 20.60 reports the file as the virus trojan.DL.win32.undef.vt but cannot delete it. From version 20.61.50 on it reports the same virus for the file and says the deletion succeeded, but the file is still in the folder and the same error still appears at startup. Deleting the file by hand says it is in use; deleting it in Safe Mode gives the same message, and so does deleting it from the console. I wanted to submit the file as a virus sample, but it cannot be backed up or compressed; every attempt says the file is in use. Searching the registry, processes and services turns up no jnsfhf.dll, and searching the web for jnsfhf.dll finds nothing either.
I have now tried every method I know and the problem is still not solved. Experts, help me!!


User system info: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; SLCC1; .NET CLR 2.0.50727; .NET CLR 3.0.04506; InfoPath.2)
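
The post above describes a file that cannot be deleted, copied or archived because it is "in use", yet shows up in no process or registry listing. The script below is an added example, not code from the original thread and not a Rising or Microsoft tool; it shows the three checks a responder runs before reaching for offline media: record the file's identity (size, timestamps, SHA-256, Authenticode status) even when it cannot be copied, find user-mode processes that have the module mapped, and search the autostart, service and driver load points that a search limited to the Run keys never sees. It assumes PowerShell 2.0 or later in an elevated session on the affected machine. The file name jnsfhf.dll is the one from the post; the function names, the key list and everything else here are this example's own assumptions.

```powershell
# Added example: triage a DLL that is flagged as malicious but reported "in use".
# Assumptions (not from the original thread): PowerShell 2.0+, elevated session.
# The file name is the one from the post; every function and key list below is
# this example's own, not a Rising or Microsoft tool.
$Name = 'jnsfhf.dll'
$Path = Join-Path $env:SystemRoot "System32\$Name"

function Get-Sha256 {
    param([string]$File)
    # Open read-only and permit other openers' read/write so a plain write lock
    # does not stop us; a handle opened with no sharing at all still will, and
    # that failure is itself evidence worth recording.
    $stream = [IO.File]::Open($File, [IO.FileMode]::Open,
                              [IO.FileAccess]::Read, [IO.FileShare]::ReadWrite)
    try {
        $sha = [Security.Cryptography.SHA256]::Create()
        ([BitConverter]::ToString($sha.ComputeHash($stream))) -replace '-', ''
    } finally { $stream.Close() }
}

function Find-ProcessWithModule {
    param([string]$ModuleName)
    foreach ($proc in Get-Process) {
        try {
            # Process.Modules lists every DLL mapped into the process; a DLL run
            # as a service shows up here under svchost.exe or another host.
            if ($proc.Modules | Where-Object { $_.ModuleName -ieq $ModuleName }) {
                New-Object PSObject -Property @{
                    Id = $proc.Id; Name = $proc.ProcessName; Path = $proc.Path }
            }
        } catch { }   # access denied or 32/64-bit mismatch on some processes
    }
}

function Find-RegistryReference {
    param([string[]]$Keys, [string]$Pattern)
    foreach ($key in $Keys) {
        if (-not (Test-Path $key)) { continue }
        $items = @(Get-Item $key) +
                 @(Get-ChildItem $key -Recurse -ErrorAction SilentlyContinue)
        foreach ($item in $items) {
            foreach ($valueName in $item.GetValueNames()) {
                $data = [string]$item.GetValue($valueName)
                if ($data -match $Pattern) {
                    New-Object PSObject -Property @{
                        Key = $item.Name; Value = $valueName; Data = $data }
                }
            }
        }
    }
}

# Load points a search limited to the Run keys never sees. The Services hive
# covers ServiceDll entries and kernel drivers, which an empty "services" or
# "drivers" section in a scanner report leaves unexamined.
$LoadPoints = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows',      # AppInit_DLLs
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon',     # Userinit, Shell, Notify
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler',
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options',
    'HKLM:\SYSTEM\CurrentControlSet\Services'
)
# Browser Helper Objects register only a CLSID; the DLL path is under the CLSID key.
$BhoKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
if (Test-Path $BhoKey) {
    foreach ($bho in Get-ChildItem $BhoKey) {
        $LoadPoints += "HKLM:\SOFTWARE\Classes\CLSID\$($bho.PSChildName)\InprocServer32"
    }
}

'== File identity =='
if (Test-Path $Path) {
    Get-Item -Force $Path | Format-List FullName, Length, Attributes, CreationTime, LastWriteTime
    try { 'SHA256: ' + (Get-Sha256 $Path) }
    catch { 'Cannot open for reading: ' + $_.Exception.Message }
    'Authenticode: ' + (Get-AuthenticodeSignature $Path).Status
} else { "Not present at $Path" }

'== User-mode processes with the module mapped =='
Find-ProcessWithModule $Name | Format-Table Id, Name, Path -AutoSize
tasklist /m $Name          # built-in cross-check using a different enumeration path

'== Registry load points referencing the name =='
Find-RegistryReference -Keys $LoadPoints -Pattern ([regex]::Escape($Name)) |
    Format-Table Key, Value, Data -AutoSize
```

If the module turns out to be mapped into a host such as svchost.exe, the Services entry that points at it will be in the last table and the service can be disabled before the file is deleted. If both tables are empty and even the read-only open fails, whatever holds the file is not visible from user mode; a lock held by a kernel-mode component cannot be released from inside the running system, so in that situation the dependable way to recover a sample and remove the file is to boot the machine from separate media (the Vista installation DVD's repair environment or a live CD) and copy, hash and delete it from there.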

Re: Experts, help me!!!

I have tried every method Rising Antivirus offers; none of them worked.

Re: Experts, help me!!!

Rising's Stethoscope finds no problem at all; the result is empty and it does not generate any file.

Re: Experts, help me!!!

There is no such file as 瑞星听诊信息.htm.
After the Stethoscope runs, the progress bar finishes with no result of any kind.

Re: Experts, help me!!!

After several tries the Rising Stethoscope finally produced a result file,
but nothing in it seems abnormal.

Unknown-family virus analysis
Scan results:
No suspicious files


Active system processes
C:\WINDOWS\MSAGENT\AGENTSVR.EXE
C:\WINDOWS\WINSXS\X86_MICROSOFT.WINDOWS.GDIPLUS_6595B64144CCF1DF_1.0.6001.18065_NONE_9E7ABE2EC9C13222\GDIPLUS.DLL
C:\WINDOWS\WINSXS\X86_MICROSOFT.WINDOWS.COMMON-CONTROLS_6595B64144CCF1DF_6.0.6001.18000_NONE_5CDBAA5A083979CC\COMCTL32.DLL

C:\USERS\YY\DESKTOP\RSDETECT.EXE
C:\WINDOWS\WINSXS\X86_MICROSOFT.WINDOWS.COMMON-CONTROLS_6595B64144CCF1DF_5.82.6001.18000_NONE_886786F450A74A05\COMCTL32.DLL
C:\WINDOWS\WINSXS\X86_MICROSOFT.WINDOWS.COMMON-CONTROLS_6595B64144CCF1DF_6.0.6001.18000_NONE_5CDBAA5A083979CC\COMCTL32.DLL

C:\WINDOWS\SYSTEM32\MACROMED\FLASH\FLASHUTIL9F.EXE
C:\WINDOWS\WINSXS\X86_MICROSOFT.WINDOWS.COMMON-CONTROLS_6595B64144CCF1DF_6.0.6001.18000_NONE_5CDBAA5A083979CC\COMCTL32.DLL

C:\WINDOWS\SYSTEM32\DWM.EXE
C:\WINDOWS\WINSXS\X86_MICROSOFT.WINDOWS.COMMON-CONTROLS_6595B64144CCF1DF_6.0.6001.18000_NONE_5CDBAA5A083979CC\COMCTL32.DLL
C:\WINDOWS\SYSTEM32\NVD3DUM.DLL

C:\WINDOWS\SYSTEM32\TASKENG.EXE
C:\WINDOWS\WINSXS\X86_MICROSOFT.WINDOWS.COMMON-CONTROLS_6595B64144CCF1DF_6.0.6001.18000_NONE_5CDBAA5A083979CC\COMCTL32.DLL
C:\WINDOWS\SYSTEM32\NVAPI.DLL

C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\WINSXS\X86_MICROSOFT.WINDOWS.GDIPLUS_6595B64144CCF1DF_1.0.6001.18065_NONE_9E7ABE2EC9C13222\GDIPLUS.DLL
C:\WINDOWS\WINSXS\X86_MICROSOFT.WINDOWS.COMMON-CONTROLS_6595B64144CCF1DF_6.0.6001.18000_NONE_5CDBAA5A083979CC\COMCTL32.DLL
C:\PROGRAM FILES\THUNDER NETWORK\THUNDER\COMDLLS\TDATONCE_NOW.DLL
C:\PROGRAM FILES\THUNDER NETWORK\THUNDER\COMDLLS\XUNLEIBHO_NOW.DLL
C:\PROGRAM FILES\THUNDER NETWORK\THUNDER\COMPONENTS\RESWORKER\DSBHO_01.DLL
C:\PROGRAM FILES\THUNDER NETWORK\THUNDER\COMPONENTS\RESWORKER\DATAPROCESSOR_01.DLL
D:\PROGRAM FILES\360SAFE\SAFEMON\SAFEMON.DLL
C:\PROGRAM FILES\WINDOWS LIVE\MESSENGER\FSSHEXT.8.5.1302.1018.DLL
C:\WINDOWS\WINSXS\X86_MICROSOFT.VC80.CRT_1FC8B3B9A1E18E3B_8.0.50727.1434_NONE_D08B6002442C891F\MSVCR80.DLL
C:\PROGRA~1\WOPTI\WOPTIC~1.DLL
C:\WINDOWS\SYSTEM32\NVCPL.DLL
C:\PROGRAM FILES\WINRAR\RAREXT.DLL
C:\WINDOWS\SYSTEM32\RAVEXT.DLL
D:\PROGRAM FILES\RISING\RAV\RSCOMMON.DLL
C:\WINDOWS\SYSTEM32\NVAPI.DLL
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE12\MSOHEVI.DLL

C:\WINDOWS\SYSTEM32\DLLHOST.EXE
C:\WINDOWS\WINSXS\X86_MICROSOFT.WINDOWS.COMMON-CONTROLS_6595B64144CCF1DF_6.0.6001.18000_NONE_5CDBAA5A083979CC\COMCTL32.DLL

C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBARNOTIFIER\GOOGLETOOLBARNOTIFIER.EXE
C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBARNOTIFIER\2.0.301.7164\GTN.DLL
C:\WINDOWS\WINSXS\X86_MICROSOFT.WINDOWS.COMMON-CONTROLS_6595B64144CCF1DF_6.0.6001.18000_NONE_5CDBAA5A083979CC\COMCTL32.DLL
C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBARNOTIFIER\2.0.301.7164\RES_ZH-CN.DLL
C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBARNOTIFIER\2.0.301.7164\SWG.DLL

D:\PROGRAM FILES\RISING\RAV\RAVMON.EXE
C:\WINDOWS\SYSTEM32\MFC71.DLL
C:\WINDOWS\SYSTEM32\MSVCR71.DLL
C:\WINDOWS\WINSXS\X86_MICROSOFT.WINDOWS.COMMON-CONTROLS_6595B64144CCF1DF_6.0.6001.18000_NONE_5CDBAA5A083979CC\COMCTL32.DLL
C:\WINDOWS\SYSTEM32\MSVCP71.DLL
D:\PROGRAM FILES\RISING\RAV\PROCCOM.DLL
D:\PROGRAM FILES\RISING\RAV\RSCOMMX2.DLL
D:\PROGRAM FILES\RISING\RAV\RSCOMMON.DLL
D:\PROGRAM FILES\RISING\RAV\RECOMP.DLL
D:\PROGRAM FILES\RISING\RAV\REFS.DLL
D:\PROGRAM FILES\RISING\RAV\VIRUSLIB.DLL
D:\PROGRAM FILES\RISING\RAV\RELIBLDR.DLL
D:\PROGRAM FILES\RISING\RAV\RSAPPMGR.DLL
D:\PROGRAM FILES\RISING\RAV\CFGDLL.DLL
D:\PROGRAM FILES\RISING\RAV\MONRULE.DLL
D:\PROGRAM FILES\RISING\RAV\PNGDLL.DLL
D:\PROGRAM FILES\RISING\RAV\RSGUILIB.DLL
D:\PROGRAM FILES\RISING\RAV\RSXML.DLL

C:\PROGRAM FILES\INTERNET EXPLORER\IEUSER.EXE
C:\WINDOWS\WINSXS\X86_MICROSOFT.WINDOWS.COMMON-CONTROLS_6595B64144CCF1DF_6.0.6001.18000_NONE_5CDBAA5A083979CC\COMCTL32.DLL
C:\WINDOWS\WINSXS\X86_MICROSOFT.WINDOWS.COMMON-CONTROLS_6595B64144CCF1DF_5.82.6001.18000_NONE_886786F450A74A05\COMCTL32.DLL

C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\WINSXS\X86_MICROSOFT.WINDOWS.COMMON-CONTROLS_6595B64144CCF1DF_6.0.6001.18000_NONE_5CDBAA5A083979CC\COMCTL32.DLL
C:\WINDOWS\WINSXS\X86_MICROSOFT.WINDOWS.GDIPLUS_6595B64144CCF1DF_1.0.6001.18065_NONE_9E7ABE2EC9C13222\GDIPLUS.DLL
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE12\MSOHEVI.DLL
C:\WINDOWS\WINSXS\X86_MICROSOFT.VC80.CRT_1FC8B3B9A1E18E3B_8.0.50727.1434_NONE_D08B6002442C891F\MSVCR80.DLL
C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL
C:\WINDOWS\WINSXS\X86_MICROSOFT.WINDOWS.COMMON-CONTROLS_6595B64144CCF1DF_5.82.6001.18000_NONE_886786F450A74A05\COMCTL32.DLL
C:\PROGRAM FILES\THUNDER NETWORK\THUNDER\COMDLLS\TDATONCE_NOW.DLL
C:\PROGRAM FILES\THUNDER NETWORK\THUNDER\COMDLLS\XUNLEIBHO_NOW.DLL
C:\PROGRAM FILES\THUNDER NETWORK\THUNDER\COMPONENTS\RESWORKER\DATAPROCESSOR_01.DLL
D:\PROGRAM FILES\360SAFE\SAFEMON\SAFEMON.DLL
D:\PROGRAM FILES\RISING\RAV\HOOKSPI.DLL
D:\PROGRAM FILES\RISING\RAV\RAVSCRCH.DLL
C:\WINDOWS\SYSTEM32\MACROMED\FLASH\FLASH9F.OCX
C:\WINDOWS\SYSTEM32\NVD3DUM.DLL
C:\WINDOWS\SYSTEM32\UNISPIM6.IME

D:\PROGRAM FILES\RISING\RAV\RSAGENT.EXE
C:\WINDOWS\SYSTEM32\MFC71.DLL
C:\WINDOWS\SYSTEM32\MSVCR71.DLL
C:\WINDOWS\WINSXS\X86_MICROSOFT.WINDOWS.COMMON-CONTROLS_6595B64144CCF1DF_6.0.6001.18000_NONE_5CDBAA5A083979CC\COMCTL32.DLL
C:\WINDOWS\SYSTEM32\MSVCP71.DLL
D:\PROGRAM FILES\RISING\RAV\PROCCOM.DLL
D:\PROGRAM FILES\RISING\RAV\RSCOMMX2.DLL


Ordinary autostart entries
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
RavTask = "D:\PROGRAM FILES\RISING\RAV\RAVTASK.EXE" -SYSTEM

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
swg = C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBARNOTIFIER\GOOGLETOOLBARNOTIFIER.EXE


AppInit_DLLs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
AppInit_DLLs =


System file associations
.exe ==> exefile = "%1" %*
.com ==> comfile = "%1" %*
.cmd ==> cmdfile = "%1" %*
.bat ==> batfile = "%1" %*
.txt ==> txtfile = C:\Windows\notepad.exe %1
.scr ==> scrfile = "%1" /S
.reg ==> regfile = regedit.exe "%1"
.doc ==> Word.Document.8 = "C:\Program Files\Microsoft Office\Office12\WINWORD.EXE" /n /dde

Other startup entries
WIN.INI
No information

SYSTEM.INI
SHELL = explorer.exe
SCRNSAVE.EXE = C:\Windows\system32\PARTIC~1.SCR


Winlogon startup entries
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Userinit = C:\WINDOWS\SYSTEM32\USERINIT.EXE,
shell = EXPLORER.EXE


IE - BHO
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
{01443AEC-0FD1-40fd-9C87-E93D1494C233} = C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll
{889D2FEB-5411-4565-8998-1DD2C5261283} = C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} = c:\program files\google\googletoolbar1.dll
{B69F34DD-F0F9-42DC-9EDD-957187DA688D} = d:\Program Files\360safe\safemon\safemon.dll


Winsock SPI
Rising Net Filter over [MSAFD Tcpip [TCP/IP]] = D:\PROGRAM FILES\RISING\RAV\HOOKSPI.DLL
Rising Net Filter over [RSVP TCP] = D:\PROGRAM FILES\RISING\RAV\HOOKSPI.DLL
MSAFD Tcpip [TCP/IP] = C:\Windows\SYSTEM32\MSWSOCK.DLL
MSAFD Tcpip [UDP/IP] = C:\Windows\SYSTEM32\MSWSOCK.DLL
MSAFD Tcpip [RAW/IP] = C:\Windows\SYSTEM32\MSWSOCK.DLL
MSAFD Tcpip [TCP/IPv6] = C:\Windows\SYSTEM32\MSWSOCK.DLL
MSAFD Tcpip [UDP/IPv6] = C:\Windows\SYSTEM32\MSWSOCK.DLL
MSAFD Tcpip [RAW/IPv6] = C:\Windows\SYSTEM32\MSWSOCK.DLL
RSVP TCPv6 = C:\Windows\SYSTEM32\MSWSOCK.DLL
RSVP TCP = C:\Windows\SYSTEM32\MSWSOCK.DLL
RSVP UDPv6 = C:\Windows\SYSTEM32\MSWSOCK.DLL
RSVP UDP = C:\Windows\SYSTEM32\MSWSOCK.DLL
Rising Net Filter = D:\PROGRAM FILES\RISING\RAV\HOOKSPI.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{292B1098-88A1-4310-9095-7D06D7DA7FC8}] SEQPACKET 0 = C:\Windows\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{292B1098-88A1-4310-9095-7D06D7DA7FC8}] DATAGRAM 0 = C:\Windows\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{EF5E9B4E-621F-415B-8800-D93E37A73F4A}] SEQPACKET 4 = C:\Windows\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{EF5E9B4E-621F-415B-8800-D93E37A73F4A}] DATAGRAM 4 = C:\Windows\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip6_{B3F20443-7800-4026-839E-DF7FE28EBFFE}] SEQPACKET 2 = C:\Windows\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip6_{B3F20443-7800-4026-839E-DF7FE28EBFFE}] DATAGRAM 2 = C:\Windows\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip6_{2A44AA78-95E9-4951-9C05-05F82BC554F7}] SEQPACKET 3 = C:\Windows\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip6_{2A44AA78-95E9-4951-9C05-05F82BC554F7}] DATAGRAM 3 = C:\Windows\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip6_{9A9BCA08-090E-4495-9533-986D08D4FAB1}] SEQPACKET 6 = C:\Windows\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip6_{9A9BCA08-090E-4495-9533-986D08D4FAB1}] DATAGRAM 6 = C:\Windows\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip6_{292B1098-88A1-4310-9095-7D06D7DA7FC8}] SEQPACKET 1 = C:\Windows\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip6_{292B1098-88A1-4310-9095-7D06D7DA7FC8}] DATAGRAM 1 = C:\Windows\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip6_{EF5E9B4E-621F-415B-8800-D93E37A73F4A}] SEQPACKET 5 = C:\Windows\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip6_{EF5E9B4E-621F-415B-8800-D93E37A73F4A}] DATAGRAM 5 = C:\Windows\SYSTEM32\MSWSOCK.DLL

System services

File drivers

System drivers
Powered by Discuz!NT